Using “Signal” For Encrypted Chats, You Shouldn’t Skip Its Next Update

Through signals, many attackers are targeting your devices, and it directly or indirectly affects to your system as well so let’s know how the message would impact to your system.

The whistleblower Edward Snowden had shown several vulnerabilities in Signal. One would allow potential attackers to add random data to the attachments of encrypted messages sent by Android users, while on others, but would enable hackers to remotely execute malicious code on the targeted device. Besides, many confidential files of users are kept in Github and Google’s Official Play Store so that people are vulnerable to the attack of hackers.

The flaws in Android version of Signal include:

  1. Message authentication-bypass vulnerability
  2. A remote code execution vulnerability
  3. Crash bug

Similarly, the researcher Jean-Philippe Aumasson and Markus Vervier have discovered the message authentication-bypass vulnerability while reviewing the java code used by the signal for Android. It is sure that no one can do exploitable except the attackers or hackers who can we work on a signal server or a monitor data passing between signal users would be able to append pseudorandom data to the legitimate attachment. However, in the case of attachment, the signal does not verify the authenticity of the entire file; instead, it would allow hackers to attach pseudorandom data to the legitimate attachment.

Talking to Ars Technica, Aumasson said he found the integer overflow bug in the following line of code: int remainingData = (int) file.length () – mac.getMacLength();

  1. The value ‘file.length ()’ is a number encoded on 64 bits (of type ‘long’).
  2. The receiving variable ‘remainingData’ is a number encoded on 32 bits (of type ‘int’).

Even though signal uses end-to-end encryption to encrypt the messages on the sender’s device and decrypt it only on the receiver’s end, the encrypted messages still pass through a server, which would allow the hackers to carry out the message authentication bypass attack by hacking.

It is also known that Aumasson and Vervier are even now testing the same bugs in WhatsApp and Facebook Messanger to rely on signal code.